Fedora Linux 8588 Published by

An audacity security update has been released for Fedora 34.



SECURITY: Fedora 34 Update: audacity-3.0.2-3.fc34


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-1a043ee3d2
2021-06-22 01:01:06.903238
--------------------------------------------------------------------------------

Name : audacity
Product : Fedora 34
Version : 3.0.2
Release : 3.fc34
URL :   https://www.audacityteam.org/
Summary : Multitrack audio editor
Description :
Audacity is a cross-platform multitrack audio editor. It allows you to
record sounds directly or to import files in various formats. It features
a few simple effects, all of the editing features you should need, and
unlimited undo. The GUI was built with wxWidgets and the audio I/O
supports PulseAudio, OSS and ALSA under Linux.

--------------------------------------------------------------------------------
Update Information:

- Fix detection of Jack development package (fixes rhbz #1972963) - Add packages
needed for the LV2 interface to use the system libraries - Fix CVE-2020-1867
(fixes rhbz #1904016)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 17 2021 Ian McInerney - 3.0.2-3
- Fix detection of Jack development package (fixes rhbz #1972963)
- Add packages needed for the LV2 interface to use the system libraries
- Temporarily disable the rpath checks until upstream fixes it
- Fix CVE-2020-1867 (fixes rhbz #1904016)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1904016 - CVE-2020-11867 audacity: insecure use of temporary directory leads to information disclosure [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=1904016
[ 2 ] Bug #1972963 - audacity: no jack host listed via pipewire
  https://bugzilla.redhat.com/show_bug.cgi?id=1972963
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-1a043ee3d2' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys